| author | Leah Rowe <leah@libreboot.org> | 2026-03-16 17:30:03 +0000 |
|---|---|---|
| committer | Leah Rowe <leah@libreboot.org> | 2026-03-16 17:30:03 +0000 |
| commit | 31a5ab3e1571f1e5b3e5faafaf27abc182d219bc (patch) | |
| tree | afd632403039b30a3548ad3860b65d0df6855bcc | |
| parent | a4b2d0218a399e5e4809671d20a8bea5edb2f7d4 (diff) | |
util/nvmutil: fix unveil usage
arandom probably isn't available on super old obsd right??????
rather, unveil isn't. on systems that have arandom
yet we should not unveil something that may not
exist on modern systems
just don't unveil arandom, and don't check arandom
if unveil is enabled
Signed-off-by: Leah Rowe <leah@libreboot.org>
| -rw-r--r-- | util/nvmutil/nvmutil.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 851eb0fb..1f91de0a 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -756,6 +756,8 @@ main(int argc, char *argv[])
 err(errno, "pledge, unveil");
 if (unveil("/dev/urandom", "r") == -1)
 err(errno, "unveil: /dev/urandom");
+ if (unveil("/dev/random", "r") == -1)
+ err(errno, "unveil: /dev/random");
 #else
 if (pledge("stdio flock rpath wpath cpath", NULL) == -1)
 err(errno, "pledge");
@@ -1415,8 +1417,10 @@ read_urandom(void)
 if (fd < 0) {
 fd = open("/dev/urandom", O_RDONLY | O_NONBLOCK);
+#ifndef NVMUTIL_UNVEIL
 if (fd < 0) /* older openbsd */
 fd = open("/dev/arandom", O_RDONLY | O_NONBLOCK);
+#endif
 if (fd < 0) /* super old unix (could block) */
 fd = open("/dev/random", O_RDONLY | O_NONBLOCK); |
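Review bot: The unveil list in main() must mirror the devices that read_urandom() opens, and nothing in the code records that coupling. A comment above the `unveil("/dev/urandom", "r")` call would keep the two from drifting apart again, for example `/* must match the devices opened by read_urandom() */`. Note also that `/dev/random` is only the last fallback in read_urandom(), yet a failed unveil of it here is fatal through err(). main() starts and continues outside the hunk, so it is not visible whether the unveil set is later locked (by a pledge without the `unveil` promise or by `unveil(NULL, NULL)`); that is worth confirming.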
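Review bot: The `#ifndef NVMUTIL_UNVEIL` guard around the `/dev/arandom` fallback in read_urandom() has no comment, so the reason for skipping it lives only in the commit message. I would add `/* not unveiled in main(): may not exist on modern systems */` above the guarded open and label the closer `#endif /* NVMUTIL_UNVEIL */`. read_urandom() begins and ends outside the hunk, so how a failure of every open is reported cannot be checked from here.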
